When using electronic computing devices such as desktop computers, laptops, smartphones and so on, it is common for there to be some form of user authentication used. This user authentication can be to protect the device itself, so that it cannot be used unless the correct password is entered, and can also be used to identify a user who is attempting to access a specific service, such as online banking, with the relevant device. User authentication methods will almost always use, as a minimum, a password, often combined with a login name and also other techniques such as using smartcards and biometric data.
A common problem faced by users when signing in is that as a user types a password, they do not see the characters on screen, as they are normally obscured in order to prevent any third party identifying the characters that have been typed on a keyboard. Users tend to remember the gestures for their password, rather than the symbols that compose it. Indeed, sometimes the password is a gesture. It is also the case that users tend to become very familiar with the keyboard layout that they use, while not appreciating that other keyboard layouts exist that have subtle differences between the layouts. If the user does not appreciate that the current keyboard layout is the same as their normal one, then errors can occur.
If it is considered that a declared keyboard is the current keyboard defined in the computer through operating system configuration then it can be assumed that the client software knows the declared keyboard. The real keyboard is the keyboard that is plugged into the computer. Situations where the real keyboard is different from declared keyboard and the client has no way of knowing this include the input of a BIOS password when the BIOS settings do not match the real keyboard, a remote desktop login, a keyboard remapped on a client and a bad application configuration or user error. All of these situations can lead to confusion as to the keyboard configuration that the user believes they are using and the keyboard configuration that the relevant software is aware of.
The user may type the wrong password and as a result, an authentication process can fail. For example, a user may type the password “carthago”, assuming that they are using an azerty keyboard and this will be rendered as “cqrthqgo” if in fact the current keyboard is a qwerty keyboard, resulting in a password mismatch. If the user tries again, then this slows down the login session and leads to user frustration, especially if the user is not aware of the keyboard mismatch and the user's password can get revoked.